Phishing is an attempt to get you to hand over personal, confidential information to a criminal. The requests may seem legitimate and may be perpetrated by phone, email or via the internet. The danger lies in the fact that these phishing attempts look legitimate, sometimes even carrying an official-looking logo, and that they con you into providing information to fraudsters that you would not normally give to anyone else.
Hackers use different methods to trick people, so it's wise to always be cautious. For example, you may get a phone call from a company saying that there is a virus on your computer and that you can pay them a fee to remove it and keep it clean thereafter.
More often, hackers use email as the route of attack. Hackers often use information that will make you take note of the email and react. They may say that your bank account or email account has been hacked and that you need to verify your details by sending them your username and password/PIN, or ask that you click on a link. Or they may try to fool you into thinking you're the latest millionaire in a sweepstakes competition. You are then required to send them your banking details so that they can deposit the money into your bank account. These are common tell-tale signs of phishing attempts, so you need to be extra vigilant when you're asked to provide your personal information.
A legitimate company will never ask you to verify your account information, passwords, security questions, or other sensitive information. So if you receive a suspicious email, delete it immediately.
Analyse the details
If you are unsure about a message's authenticity, check the email header - which shows you the From, To, and Subject information. In most cases, there are either spelling mistakes, or the message isn't even from the company referred to in the email. For example, in Figure 1 above, note that the sender's email address contains an extra "s" in the organisation's name (i.e. the address ends in "abssa.co.za") - a spelling anomaly that clearly indicates it is not from ABSA bank.
Phishing messages are often badly-written (using poor English) or the link provided is for a completely different website - which indicates that the legitimate company did not send you the message.
What to do if you suspect a phishing attempt or fall victim to one
- Report it
If you receive a suspicious email in your UCT email account asking you to click on a link, or requesting your personal information:
- DO NOT follow the message's instructions.
- DO NOT forward the message to anyone else.
Instead, report the attempt to the UCT Computer Incident Response Team by emailing firstname.lastname@example.org and delete the message.
NOTE: This reporting process applies only to your UCT email account. If you receive phishing attempts in non-UCT email accounts (e.g. Gmail), please follow the process specified by that email service provider. This can usually be found in the service provider’s Help or Support pages and will help your service provider to minimise future phishing attempts to that email account.
- Change your password
If you responded to a phishing attempt and handed over your password and username you need to change your password immediately via Password Self-Service.
If you responded to a message that requested your username and password for external services (such as Facebook, LinkedIn, etc), immediately log in to the relevant website and change your password.
- Follow up with external service providers
If the phishing attempt relates to an external service provider - such as your bank:
- Contact the service provider and inform them that your account or information has been compromised.
- Let them know that someone has been impersonating their business (i.e. report the matter to them).
- Ask them to recommend the most secure methods to conduct your business with them. For example, many banks provide alternate accounts for online or telephone purchases. These special accounts limit the risk to a specific amount or transaction.
Remember these security tips
- Don't ever reply to emails that request personal information – especially usernames and passwords.
- NEVER share your password with anyone – not even an ICTS or UCT CSIRT representative.
- Do not open attachments unless you can verify the sender and the nature of the attachment.
- Don't open emails of unknown origin.
- Don't click on links in emails if you cannot recognise where the link directs you.
- Don't reply to spammers asking them to remove you from their mailing list. By replying, you are confirming your email address as valid and will only encourage more spam.
- Don't forward chain letters or marketing material.